nessus / Tenable / 9908.PRM
Jan 25, 2017 - 12:00 a.m.

Apache HTTP Server 2.4.x < 2.4.25 Multiple Vulnerabilities

Tenable
www.tenable.com

The version of Apache HTTP Server 2.4.x installed on the remote host is prior to 2.4.25. It is, therefore, affected by multiple vulnerabilities:

  • A flaw exists in the ‘mod_http2’ component that is triggered when handling the ‘LimitRequestFields’ directive and endless HTTP/2 CONTINUATION frames. This may allow a remote attacker to inject unlimited request headers, exhausting available memory resources. (CVE-2016-8740)
  • A flaw exists that is triggered when handling whitespace patterns in User-Agent headers. This may allow a remote attacker to use a specially crafted User-Agent header to cause the program to incorrectly handle sequences of requests, potentially interpreting responses incorrectly and polluting the cache, or disclosing content from one request to a second downstream user-agent. (CVE-2016-8743)
Vendor   Product       Version
apache   http_server